The present specification relates to the field of network computing. In particular, the present specification relates to a method and respective system for accessing locally stored data via a remote service offered by a centrally provided service provider portal.
Many companies operate an intranet portal. This is a web site which aggregates all business applications and information and provides these to the company's employees in a personalized manner. As used herein and in the appended claims, unless otherwise specifically denoted, the term “client” will be used to refer expansively to a device or browser that is able to display the content to the end user. Further, as used herein and in the appended claims, unless otherwise specifically denoted, the term “tenant” will be used to refer expansively to a party who has the right to use such a centralized portal infrastructure hosted by the data center (provider).
Larger companies or associations have centralized data centers that host the infrastructure. However, business areas or cooperation partners also have their own critical business applications and infrastructure that are not centrally hosted, for reasons of autonomy or confidentiality. On the other hand, from an IT service and business perspective it is desirable to gain productivity and cost efficiency through centralized IT and electronically connected business information, e.g. by using a portal integration platform.
Three state-of-the-art integration variants may be considered. A straightforward approach gives the provider access to the tenant's intranet, so that the provider can communicate with the tenant's resources and integrate them into the central portal. The basic idea of such a communication is shown in FIG. 1.
When a client requests content from the portal (step 1), the portal opens a connection to the resources in the client's intranet (step 2) through defined ports in the firewall. The requested pieces of local information are then sent back to the portal through the internet (step 3). This data is integrated into the portal and is sent back as aggregated content to the client (step 4). Within this scenario, however, the provider may be capable of reading sensitive data. Moreover, even if the provider were trustworthy, all data, including all sensitive pieces of information, would be transferred twice through the internet (see steps 3 and 4). This may require an extensive security effort to protect the data from potential aggressors. This form of back-and-forth data transport also wastes bandwidth.
To avoid the double transferral of potentially sensitive pieces of information through the internet, all of the tenant's resources could be moved into the provider's site (e.g. extranet) (18). With such a centralization step, the integration of all applications and data can be easily achieved. But this also means that the data may again be visible and accessible to the provider, which is not desirable, especially in the case of sensitive data.
Furthermore, the tenant's autonomy in choosing individual business solutions may be heavily constricted because the installed applications are subject to the provider's restrictions, whereas the tenant has the power to decide what content is on his own intranet site. In addition, the hosting costs have to be considered carefully.
Another option would be client-side content integration via state-of-the-art techniques like IFrames or AJAX (Asynchronous JavaScript and XML). An IFrame is an HTML element that embeds another HTML document inside the main document. The drawback of this solution is that the portal content cannot communicate with the IFrame using standardized portlet-to-portlet communication mechanisms, and the content of the IFrame is not in the portal context. AJAX is a popular way of exchanging data with application services in order to make web pages feel more responsive. To enable AJAX calls both to the portal and to local services, the portal and the tenant's local services have to be in the same (virtual) domain so that the calls are not blocked by the same-origin policy of the browser's sandbox security. This again makes the tenant's environment vulnerable, because central portlets are then also able to access the tenant's local (AJAX) services.
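The same-origin point above, as an added JavaScript illustration that is not part of the original specification. All hostnames and paths are constructed, and the services are assumed to send no CORS headers; the example compares a deployment with separate domains against one where portal and tenant services share a virtual domain.

```javascript
// Added illustration; all hostnames and paths below are constructed.
// Models the browser's same-origin comparison (scheme, host, port).

function originOf(url) {
  // URL.origin normalizes default ports, e.g. https://h:443 -> https://h
  return new URL(url).origin;
}

// True when script on `pageUrl` may read responses from `targetUrl`
// without the target opting in (assumption: no CORS headers are sent).
function sameOrigin(pageUrl, targetUrl) {
  return originOf(pageUrl) === originOf(targetUrl);
}

// For each page, list the services whose responses its scripts can read.
function reachability(pages, services) {
  const result = {};
  for (const [pageName, pageUrl] of Object.entries(pages)) {
    result[pageName] = Object.entries(services)
      .filter(([, svcUrl]) => sameOrigin(pageUrl, svcUrl))
      .map(([svcName]) => svcName);
  }
  return result;
}

// Deployment A: portal and tenant services live on separate domains.
const separate = reachability(
  { centralPortlet: "https://portal.provider.example/portlets/news" },
  {
    portalApi: "https://portal.provider.example:443/api/content",
    tenantApi: "https://apps.tenant.example/api/payroll",
  }
);

// Deployment B: both mapped under one virtual domain, split only by path.
// The path is not part of the origin, so it provides no isolation.
const sharedVirtualDomain = reachability(
  { centralPortlet: "https://workplace.tenant.example/central/portlets/news" },
  {
    portalApi: "https://workplace.tenant.example/central/api/content",
    tenantApi: "https://workplace.tenant.example/local/api/payroll",
  }
);

console.log({ separate, sharedVirtualDomain });
```

In deployment B the central portlet's reachable set includes the tenant's local service, which is the exposure the paragraph describes.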
Besides IT's need to centralize infrastructure and services, many tenants also need to use their own individual infrastructure, which may include confidential workflows and confidential data. Both intellectual property and pure business data should not be revealed to the provider. In this regard, the above prior art portal cannot fulfill its role as the single point of access to all business applications. Hence, the confidentiality needs of the multiple client companies are not satisfied.